>>>>> "Xiamin" == Xiamin Raahauge <xiamin@scdesantis.ne.mediaone.net> writes:

    Xiamin> Is xterm supposed to be setuid root? Mine is, and I can't
    Xiamin> remember if I set it that way while poking around and
    Xiamin> forgot to unset it, or is it supposed to be that way?

By default, xterm is setuid root. IMHO, it doesn't have to be shipped
this way. xterm only needs super-user privilege to scribble an entry
into the utmp file for the user/pty that the xterm is using. This is
not important. Doing this as root - the only way this can be done
alas! - is a Bad Thing as it violates the basic security principle of
least privilege. The same effect could be done by some setgid
privilege and group permissions on the utmp file. [Why give xterm root
permissions just so it can write a login record to utmp?]

xterm is a *BIG* and *COMPLEX* program. This is also bad news from a
security perspective: analysing the code for bugs and security holes
is hard. There have been a few security problems with xterm in the
past and it's not unreasonable to expect more in the future. With such
a history, I urge people to think very, very carefully before letting
xterm run setuid-anything.